LockBit Ransomware Abuses Windows Defender to Deploy Cobalt Strike Payload

2 August 2022

A threat actor associated with the LockBit 3.0 ransomware-as-a-service (RaaS) operation has been observed abusing the Windows Defender command-line tool to decrypt and load Cobalt Strike payloads. According to a report published by SentinelOne last week, the incident occurred after obtaining initial access via the Log4Shell vulnerability against an unpatched VMware Horizon Server.

Read full article on The Hacker News

Date:

2 August 2022

Categorie(s):

NEWS

Tag(s):

IT, News, Payloads, Ransomware, Windows Defender

TensorFlow AI models at risk due to Keras API flaw23 April 2024
Hackers infect users of antivirus service that delivered updates over HTTP23 April 2024
Top 5 Cybersecurity Threats That eCommerce Websites Should Watch Out For23 April 2024
Google ad for Facebook redirects to scam23 April 2024
Robofly, CRUSHFTP, Github, Palo Alto, MITRE, Fancy Bear, Deepfakes, Aaran Leyland… – SWN #38023 April 2024